From a6f4cdd825fc8e74774b0925e16ceadafed4657d Mon Sep 17 00:00:00 2001 From: Michele Cereda Date: Sat, 22 Apr 2023 14:19:57 +0200 Subject: [PATCH] chore: imported knowledge from the private kb --- knowledge base/openssl.md | 72 +++++++++++++++++++++++++++++++++++++-- 1 file changed, 69 insertions(+), 3 deletions(-) diff --git a/knowledge base/openssl.md b/knowledge base/openssl.md index d6fc692..5a3b793 100644 --- a/knowledge base/openssl.md +++ b/knowledge base/openssl.md @@ -1,14 +1,20 @@ # OpenSSL 1. [TL;DR](#tldr) +1. [Create a self signed certificate](#create-a-self-signed-certificate) +1. [Display the contents of a SSL certificate](#display-the-contents-of-a-ssl-certificate) 1. [Troubleshooting](#troubleshooting) 1. [Code 20: unable to get local issuer certificate](#code-20-unable-to-get-local-issuer-certificate) 1. [Code 21: unable to verify the first certificate](#code-21-unable-to-verify-the-first-certificate) +1. [Further readings](#further-readings) 1. [Sources](#sources) ## TL;DR ```sh +# Generate a pseudo-random password, encode it in base64 and print it out. +openssl rand -base64 18 + # Check a certificate and return information about it. openssl x509 -in 'certificate.crt' -text -noout 
@@ -83,6 +89,52 @@ openssl verify -CAfile 'RootCert.pem' -untrusted 'Intermediate.pem' 'UserCert.pe cat 'server.crt' 'intermediate1.crt' 'intermediateN.crt' 'rootca.crt' ``` +## Create a self signed certificate + +```sh +openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 +``` + +To make it **not** ask for a password, add the `-nodes` option. + +To avoid answering the questions (for automation), add `-subj "/C=US/ST=Oregon/L=Portland/O=Company Name/OU=Org/CN=www.example.com"`: + +```sh +$ openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes -subj "/C=NL/ST=Nederlands/L=Amsterdam/O=Mek Net/OU=Org/CN=mek.info" +openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes -subj "/C=NL/ST=Nederlands/L=Amsterdam/O=Mek Net/OU=Org/CN=mek.info" +Generating a 4096 bit RSA private key +..............................................................................................................................................................................................................................++ +...........................................................................................................................................................................++ +writing new private key to 'key.pem' +----- + +$ ls +key.pem cert.pem +``` + +## Display the contents of a SSL certificate + +```sh +# if PEM formatted +$ openssl x509 -in cert.pem -text + +# if DER formatted +$ openssl x509 -in cert.der -inform der -text +``` + +```txt +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + bc:ac:32:b7:cd:42:3f:e3:05:48:36:ed:84:fc:56:b8 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=bed8ecc9-ae31-40b9-bb27-448ec91dd6f4 +… +Rq4HD9Ap8Ew1r9ttTeECig== +-----END CERTIFICATE----- +``` + ## Troubleshooting ### Code 20: unable to get local issuer certificate 
@@ -127,15 +179,29 @@ This error is somewhat generic, and a previous error message might be telling mo See [code 20](#code-20-unable-to-get-local-issuer-certificate). -## Sources +## Further readings - [OpenSSL commands to check and verify your SSL certificate, key and CSR] -- [How to generate a self-signed SSL certificate using OpenSSL] - [The most common OpenSSL commands] +- [Create a self signed certificate] +- [Display the contents of a SSL certificate] + +## Sources + +All the references in the [further readings] section, plus the following: + +- [How to generate a self-signed SSL certificate using OpenSSL] - [OpenSSL unable to verify the first certificate for Experian URL] - [Verify certificate chain with OpenSSL] - + + + +[further readings]: #further-readings + + +[create a self signed certificate]: https://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl#10176685 +[display the contents of a ssl certificate]: https://support.qacafe.com/knowledge-base/how-do-i-display-the-contents-of-a-ssl-certificate/ [how to generate a self-signed ssl certificate using openssl]: https://stackoverflow.com/questions/10175812/how-to-generate-a-self-signed-ssl-certificate-using-openssl#10176685 [openssl commands to check and verify your ssl certificate, key and csr]: https://www.ibm.com/support/pages/openssl-commands-check-and-verify-your-ssl-certificate-key-and-csr [openssl unable to verify the first certificate for experian url]: https://stackoverflow.com/questions/7587851/openssl-unable-to-verify-the-first-certificate-for-experian-url
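Review bot: in the first hunk (`@@ -1,14 +1,20 @@`, TL;DR block), the comment above `openssl rand -base64 18` does not say what `18` means. It is the number of random bytes drawn before encoding, so the printed string is 24 base64 characters, not 18. Suggest rewording the comment along the lines of "Generate 18 random bytes and print them base64-encoded (24 characters)" so readers do not take 18 for the password length.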
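Review bot: in the second hunk (`@@ -83,6 +89,52 @@`), the sentence "To make it **not** ask for a password, add the `-nodes` option" leaves out the consequence: with `-nodes` the private key in `key.pem` is written to disk unencrypted. The text should say so and tell the reader to restrict the file's permissions. OpenSSL 3.0 deprecates `-nodes` in favour of `-noenc`, which deserves a mention next to it. Two smaller points in the same hunk: the example session shows the `openssl req -x509 ...` command twice, once after the `$` prompt and once without it, so the second copy should be dropped. The sample output under "Display the contents of a SSL certificate" ends with base64 and `-----END CERTIFICATE-----` because the two `openssl x509 ... -text` commands lack `-noout`, unlike the TL;DR entry `openssl x509 -in 'certificate.crt' -text -noout`. Either add `-noout` or state that the PEM body is printed as well.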
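Review bot: in the third hunk (`@@ -127,15 +179,29 @@`), the new link definition `[create a self signed certificate]` and the existing `[how to generate a self-signed ssl certificate using openssl]` both point to Stack Overflow question 10175812, answer `#10176685`, differing only in the URL slug. The same answer therefore ends up listed once under "Further readings" and once under "Sources". Suggest keeping a single definition and a single list entry. Note also that the labels `[Create a self signed certificate]` and `[Display the contents of a SSL certificate]` are identical to the two new section headings, which makes it easy to mistake the external links for in-page anchors. Naming the source in the label (for example the site name) would avoid that.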